[CERT] OSWE Exam Review and Tips (ft. No Developer Background Candidate)

Intro
Around the beginning of this year, I wanted to begin my journey for Offensive Security’s OSWE (WEB-300) to boost my AppSec skills. I enrolled for the updated OSWE course that was revamped in 2020. The whole experience of taking the course and the exam was amazing. It was the most valuable Offensive Security training that I have ever done so far. I highly recommend this to anyone who wants to ramp up their web application exploitation and source code review skills.
Since there are already a plethora of OSWE reviews about how it’s structured, what you will be learning, etc., I will rather focus on what you need to prepare prior to taking this course + exam and some tips. Basically, what I did to pass the exam.
Also, I have about 4+ years of offensive security experience and do not have any developer background. I did some scripting for automation and writing simple tools, but I am not an expert coder either. Finally, I’ve never really done any professional source code review prior to taking OSWE, so the source code review part of the exam was pretty brutal for me.
While Taking the Course
I completed Offensive Security’s OSCP and OSCE before OSWE. Their exams were fun, but it was hard to say their course materials were top-notch. It was mainly because some of the contents were outdated and not really relevant to the current pentesting TTPs. But Offensive Security learned their lessons. As I said before, they “revamped” their OSWE course beautifully in 2020. I really liked all the contents in the training materials, and they were pretty up-to-date. When you are going over the course, keep in mind the following:
1) Take Good Notes While Going over the Materials
I only went over the course materials (PDF & Videos) once. Your notes don’t have to be crazily detailed, but at least try to write down the process of each web vulnerability exploitation and what commands/payloads you used.
2) Make Sure to Complete the Extra Miles
Even though the extra miles will not be a free pass or give you a hint for the exam, they will be the key to win…